Hello, welcome to Windows Server Summit. My name is Dave Shrestha. I'm a Cloud Solution Architect at Intel. Today, I'll be going over automated provisioning of confidential computing with Intel TDX. What I'll cover is what is confidential computing, Intel Cloud Optimize Modules with HashiCorp Terraform and what they are, as well as a demo of how to use the module.

What is confidential computing? Confidential computing puts you in control of your data and how it can be accessed in the Cloud. Even confidential or regulated data can be protected when in use in the public Cloud, so you can take advantage of economies of scale of Cloud while remaining compliant. Confidential computing enables you to engage in multi-party analysis collaboration, but do so in a way that keeps each party's data private. You can realize the benefits of shared analysis without losing privacy and compliance. Confidential computing adds technical logical controls that help ensure data will be handled in compliance with proper procedure and your preferred regulatory framework. Confidential computing armors up your workloads, helping you protect sensitive data, content and software IP from advanced attacks, tampering and theft.

This diagram illustrates the differences in trust boundary between Intel's different technologies. Without any confidential computing technology, everything is inside the trust boundary. Notably, all of the Cloud provider's firmware, Cloud stack, hypervisor and Cloud admins. Any of these entities could potentially access confidential data in a tenant's instance either by design or as a result of an exploited vulnerability. Confidential computing with VM isolation technologies like Intel TDX removes everything out of the trust boundary, except what's inside the tenant's VM. The Cloud provider stack and admins are out as well as other Cloud tenants. The VM admins, guest OS, and all the applications are inside the trust boundary.
Although the Cloud provider is removed, the trust boundary can have millions of lines of code and any software vulnerabilities that come with them. Confidential computing with application isolation technologies like Intel SGX removes everything from the trust boundary, except the application code inside an SGX enclave. Intel SGX is the only confidential computing technology that offers this level of isolation. Only Intel offers application isolation with SGX.

Today, I'll be doing a demo of how you can use Intel Cloud Optimize Module that uses HashiCorp Terraform to deploy an Azure confidential VM with Intel TDX. To deliver VM isolation as quickly as possible, Intel partnered with Microsoft Azure who has staked out leadership positions in confidential computing. We invite customers to begin POCs and deployment for confidential VMs with Intel TDX in Azure, since DCv5 and ECv5 series instances with Intel TDX are now available in public preview in Azure. On Intel GitHub, we have made available the Intel Cloud Optimize Modules I have mentioned earlier. It uses HashiCorp Terraform to make it easy for you to deploy many kinds of workloads, including the Intel TDX VM that I'll be demoing shortly. Intel Cloud Optimize Module for Azure Windows VM with TDX, as I mentioned, uses HashiCorp Terraform to automate deployment of a VM with Intel TDX and has a pre-configured list of your instances that support TDX, so you don't have to manually search for which instances support TDX, such as DCv5 and ECv5 instances, as well as it has configuration parameters that are required for provisioning the VM, so you don't have to manually search and configure yourself.

Let me begin a demo. I'll do a demo provisioning Intel TDX VM using Intel Cloud Optimize Optimization Modules for HashiCorp Terraform. This is our public repository. I'm sharing here in the screen Terraform Intel Azure Windows VM module that we have. We call it Intel Cloud Optimize Module for Terraform.
Here in this base module, we have an example for a TDX VM. As I mentioned earlier, this module is going to basically use supported DC series and EC series v5 instances, and it's going to provision everything you need to enable a TDX VM. There are some parameters that you could adjust at the very top of this main.tf file, where we are creating basically a Key Vault, which is optional. You don't have to do that. You could actually comment that out if you like, and in the bottom is the actual what's required. It'll go ahead and, as I mentioned, create a DCv5 instance with two virtual CPUs. Excuse me, you can change that to anything you like, and it also has variables for the different OS and if supported OS. This one is the current for the private preview, the Windows Server that supports TDX.

I'm going to switch over to my Terraform, I'm sorry, my Azure portal. The example that we have requires you to have a VNet and a subnet created. I have a resource group with a VNet and a subnet already created. As you see here, there's nothing here, so I'm going to go ahead and run the Terraform, which is going to create a TDX VM, so let me go ahead and switch over to Visual Studio. Second here, and I have, so this is my folder where I've downloaded from the GitHub, the example, and I switched over to the Azure Windows TDX VM example folder. I'm going to do a terraform init, and I'm going to do a terraform apply, or actually let me do a plan first, and I'm going to do auto-approve, and I'm going to do a password here. This is just making sure that I don't have any errors with this module.
All right, I'm going to do a terraform apply, and I'm going to do a password, and I'm going to have to type a yes, because I forgot to do auto-approve. So now you see that it's starting to create services. At the very top, as I mentioned, there's the optional creating of a Key Vault, so it's going to go ahead and create a Key Vault, and it's going to go ahead and create a disk, it's going to then create the VM, et cetera. While it's doing that, we can switch over to Azure Portal and take a look there, so I'm going to hit refresh here. I did notice there's only two resources here, I'm here to refresh, so here we go, the Key Vault is there, the NIC is coming in, and then now the VM should be coming in. Give it a second here, it takes about three minutes total, so let's give it a minute or more.

There we go, so the Windows Virtual Machine is still creating, so we should be able to see it there. It's not going to be ready obviously, but we should be able to start seeing it, so I'm going to scroll down, I'm going to refresh, and scroll down here. There we go, Windows VM. I mean, obviously it's not done, but what you can take a look at is to kind of validate some of the things I mentioned earlier, for example, creating a DC series, which is a confidential compute with TDX, right, Intel TDX v5 is there, and on the security type, it is confidential here, and we have enabled Secure Boot as well as vTPM, right, and so these are some of the validations. Obviously it still is going, actually, it might be done, because I'm not seeing any pending issues here. Let me go switch over to Terraform, yeah, it's still going though, give it a second. As I mentioned, it takes about three minutes for it to complete. Once it's completed, you could go ahead and attach a public IP or et cetera, and just log into the computer, and then you're good to go. So really that's what I wanted to showcase, is that we have these Terraform, what we call Intel
Optimize Cloud Modules in GitHub, that we have over 30 modules across different cloud providers. In Azure, we have multiple modules there, including Linux and Windows VMs, SQL Server, et cetera. This example was for a Windows TDX VM, and as you can see here, let me see if it's done, it's still going, it takes, like I mentioned, about three minutes. It will go ahead and finish, and you'll have basically, without having to go to the portal and specifying each parameter, all that, you could just use for repeatability, et cetera, you could use something like our Terraform here, go, it's done, you could use our Terraform module, you can modify as needed, all the variables for you, and provision the VM, and you should be good to go. So let me refresh this, and yep, it's all good to go, there we go. So that's what I wanted to show you today, as an example, is what is TDX, first of all, and then how to provision quickly a TDX VM in Azure using our Intel Cloud Optimize Cloud module that uses HashiCorp Terraform. I hope you enjoyed that, thank you very much for joining us today, thank you.

What does Windows Server mean to you? If you've been in IT a long time, you might have stories of the early versions of Windows Server, or of late nights doing upgrades to minimize the downtime to your organization while you took servers offline, or maybe you're new to IT, and you've been predominantly working in cloud environments where Windows Server has always been a virtualized machine in the cloud for you. For me, Windows Server heralded the start of a technology revolution in an organization that was running on older technology, including mainframe terminals. It really gave us the backbone to roll out Windows client and give the end users access to things like email and Microsoft Word and support those Windows clients.
So, Windows Server and I have kind of grown up together and I'm thrilled at the innovation and the new capabilities and features we continue to build into this product here at Microsoft with Windows Server 2025 coming soon. If you're new to an IT career, I want you to take a look at all of the features and capabilities that Windows Server offers. Not necessarily because I want you to set up your own servers, but that is the absolute best way to learn a new product. The thing is, learning Windows Server taught me so much about the fundamental components of technology. It was there I learned how networking and subnet masks work, how security works, how identity and a directory and authentication work, and so many of those components are still true today and how they work and the capability they need to provide. Even if you're in a cloud world, a lot of those skills are transferable. And when you understand the basics of things like TCP/IP, it gives you an amazing skill set for troubleshooting and then architecture and progressing your career.

There was a rumor that the cloud was going to replace the systems administrator and that hasn't happened yet. Now, as we go into this AI world, especially with Copilot capabilities to help you across a number of our Microsoft products, maybe AI is going to take over from the sysadmin? I don't think so. But I am excited to see what an artificially intelligent future for IT operations could look like. Is it helping me write scripts? Is it analyzing logs? Is it predictive failure alerts? Who knows? But I'm excited to see what we're going to build with an AI future, specifically when it's targeted at IT professionals and the work that we do.